On Wednesday, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice provided no further details.
In an email on Thursday, Eclypsium researchers said the scope of the exploits has the potential to be broad. That scope includes:
Attackers could chain multiple BMC exploits to implant malicious code directly into the BMC’s firmware, making their presence extremely difficult to detect and allowing them to survive OS reinstalls or even disk replacements.
By operating below the OS, attackers can evade endpoint protection, logging, and most traditional security tools.
With BMC access, attackers can remotely power on or off,
→ Continue reading at Ars Technica
